CN103390132A - Automatic Unix system security configuration check method - Google Patents

Publication number
CN103390132A
Authority
CN
China
Prior art keywords
security
security configuration
configuration
check
automatic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201210137541XA
Other languages
Chinese (zh)
Inventor
杨满智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Eversec Beijing Technology Co Ltd
Original Assignee
Eversec Beijing Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Eversec Beijing Technology Co Ltd
Priority to CN201210137541XA
Publication of CN103390132A

Abstract

The invention aims at providing an automatic Unix system security configuration check method, which can obtain Unix system security configuration data through an automatic software technique, make a comparison with security configuration check specifications built in software, automatically obtain overall scores of Unix system security configuration check and a specific security configuration check result according to an algorithm, and correspondingly give a reasonable suggestion. An automatic Unix system security configuration check technique has the ability of remotely and locally checking the security configuration of the Unix system and satisfies the requirements of configuration specifications; and since a friendly man-machine interface and a rich report system are provided, the intelligence and the automation of security check are fully realized. Moreover, the automatic Unix system security configuration check method can also be widely used for security work such as product admittance, network access testing, work acceptance, system operation and maintenance configuration, self-evaluation, security reinforcing and security inspection.

Description

An automated Unix system security configuration check method
Technical field
The present invention relates generally to the field of security technology for computer information systems.
Background
As business grows and networks expand, the network structure of production and business support systems becomes increasingly complex. The number and variety of important applications and servers keep increasing; once a maintainer makes an operating mistake, or leaves the initial system settings unchanged and ignores security control requirements, the normal operation of the system may be seriously affected. Establishing a baseline security standard of security checkpoints and operating guidance for an industry's business systems has therefore become the most urgent task for security managers in every industry. The baseline security standard takes the form of detailed checklists and operating guides for different systems, providing a framework and standard for standardized technical security operations. Its range of application is very wide, mainly including go-live security checks for new business systems, third-party network access security checks, compliance security checks (inspections by higher-level authorities), and routine security checks.
Adopting a unified security configuration standard regulates the routine operations of technical staff on all kinds of systems and gives operations and maintenance personnel a benchmark for checking default risks. But given the many and varied kinds of equipment and software in the network, actually completing compliant system configuration and repair becomes a time-consuming and laborious task:
Security configuration checks and problem repair all have to be carried out manually, which places high demands on the inspector's skills and experience; a thorough, detailed check takes a long time, while switching to spot checks makes coverage poor; both self-checks and inspections require logging in to each system, so the more targets there are, the more tedious the work and the lower the efficiency; every check item has to be recorded by hand, and any slight omission means the item must be tested again.
For those performing self-checks or inspections, a great deal of time and effort is needed to check equipment, collect data, and produce risk audit reports in order to identify every system that does not meet the requirements of the security standard. How to quickly and effectively carry out comprehensive equipment checks such as go-live security checks for new business systems, third-party network access security checks, compliance security checks (inspections by higher-level authorities) and routine security checks, how to centrally collect the verification results and produce a risk audit report, and how to finally identify the items that do not conform to the security standard so as to meet rectification and compliance requirements: these are new challenges facing network operations and maintenance personnel.
Summary of the invention
The object of the present invention is to provide an automated Unix system security configuration check method which, by means of automated software techniques, obtains Unix system security configuration data, compares it with the security configuration check specification built into the software, automatically derives, according to an algorithm, an overall score for the Unix system security configuration check and the specific security configuration check results, and gives corresponding guidance.
The automated Unix system security configuration check method is able to perform security configuration checks on Unix systems both remotely and locally and meets the requirements of configuration specifications; it also has a friendly man-machine interface and a rich reporting system, fully realizing intelligent, automated security checking. It can also be widely used in security work such as product admission, network access testing, project acceptance, system operations and maintenance configuration, self-assessment, security hardening and security inspection.
The main functions of the automated Unix system security configuration check method are shown in the following table:
Figure BSA00000712164200021
Description of drawings
The features, advantages and other aspects of the present invention will become more apparent with reference to the following detailed description taken in conjunction with the accompanying drawings, in which:
Fig. 1 schematically shows the baseline security model diagram based on business systems;
Fig. 2 schematically shows the system architecture of one embodiment of the present invention;
Fig. 3 schematically shows the flowchart of one embodiment of the present invention.
Embodiment
1. Access mode
● Supports two check modes: local check and remote check;
● Remote checks of Unix systems support multiple remote access methods such as SSH and Telnet;
● Login information such as username and password can be specified;
● The target host can also be checked via a jump host.
2. Scan mode
● Supports scan tasks covering targets in multiple address ranges;
● Supports automatic host discovery and intelligent identification of the target system type;
● Supports automatic intelligent matching between the target and the configuration specification used for the check.
3. User interface
● Supports a graphical user interface;
● Supports a Chinese interface and Chinese environment;
● All operations are menu-based rather than command-line based;
● Provides detailed help information;
● Provides shortcut keys;
● Supports distributed deployment and centralized control;
● Easy to operate, with both local and remote check capability;
● For remote checks, as long as the check target is IP-reachable from the tool and the target has the relevant services and ports open, a remote check can be performed;
● All check results can be saved and exported as reports in formats such as Excel/PDF;
● Supports correlated statistics and analysis of check results.
4. Installation and configuration
● Tool installation platform: supports the Chinese Windows platform;
● Deployment modes: supports standalone deployment and client/server deployment.
5. Deployment
The security baseline configuration verification platform is deployed on the enterprise intranet and is reachable over the network from the other assets of the enterprise information system. It can quickly retrieve asset information based on IP address.

Claims (7)

1. An automated security configuration check method, characterized in that system security configuration data is obtained automatically and compared with the security configuration check specification built into the software, and the overall score of the system security configuration check, the specific security configuration check results and the corresponding modification suggestions are derived automatically according to an algorithm.
2. The automatic acquisition of system security configuration data according to claim 1, characterized by local automatic checking and remote automatic checking, the remote automatic check mode using Telnet, SSH. The automatic acquisition comprises a scanning device and a checking device.
The scanning device is for scanning all open information data of the system.
The checking device is for checking the security configuration information data of the system.
3. The security configuration check specification according to claim 1, characterized in that it comprises: detection method, execution command, matching rule, modification suggestion.
4. The checking device according to claim 2, characterized in that it displays the comparison of configuration items against the check specification and calculates the score according to the algorithm.
5. The detection method according to claim 3, characterized in that it comprises: reference configuration operation, decision condition, detection operation.
6. The modification suggestion according to claim 3, characterized in that it comprises: reference configuration operation, supplementary operation notes, decision condition, detection operation.
7. The algorithm according to claim 4, characterized in that it comprises: an overall system scoring method, a historical trend algorithm, an asset level algorithm.
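As an added example (not code from the patent or its applicant), the following Python shows how claims 1, 3 and 4 fit together: each check item carries an execution command, a matching rule and a modification suggestion, collected output is compared against the rule, and the results are reduced to an overall score. The item names, regex rules, 90-day threshold, weights and the weighted-percentage score are assumptions, since the page does not define its scoring algorithm.

```python
import re
import subprocess
from dataclasses import dataclass

@dataclass
class CheckItem:
    item_id: str     # hypothetical identifier
    command: str     # "execution command" run on the target
    match_rule: str  # "matching rule": regex that compliant output must satisfy
    weight: int      # assumed weight; the page does not define its scoring algorithm
    suggestion: str  # "modification suggestion" reported on failure

# Constructed specification; thresholds are illustrative assumptions.
SPEC = [
    CheckItem("ssh-root-login", "grep -i '^PermitRootLogin' /etc/ssh/sshd_config",
              r"(?im)^PermitRootLogin\s+no\s*$", 3, "Set 'PermitRootLogin no' in sshd_config."),
    CheckItem("pass-max-days", "grep '^PASS_MAX_DAYS' /etc/login.defs",
              r"(?m)^PASS_MAX_DAYS\s+([1-9]|[1-8]\d|90)\s*$", 2, "Set PASS_MAX_DAYS to 90 or less."),
    CheckItem("empty-passwords", "awk -F: '($2==\"\"){print $1}' /etc/shadow",
              r"\A\s*\Z", 3, "Lock or set a password on every listed account."),
]

def collect_local(spec, timeout=10):
    """Local check mode: run each command on this host; keep stdout only on exit 0."""
    outputs = {}
    for item in spec:  # commands come from the trusted built-in spec, never from user input
        try:
            proc = subprocess.run(item.command, shell=True, capture_output=True,
                                  text=True, timeout=timeout)
        except (OSError, subprocess.TimeoutExpired):
            continue
        if proc.returncode == 0:
            outputs[item.item_id] = proc.stdout
    return outputs

def evaluate(spec, outputs):
    """Return (score out of 100, [(item_id, passed, suggestion or None)])."""
    results, earned, total = [], 0, 0
    for item in spec:
        out = outputs.get(item.item_id)  # missing output fails closed
        passed = out is not None and re.search(item.match_rule, out) is not None
        total += item.weight
        earned += item.weight if passed else 0
        results.append((item.item_id, passed, None if passed else item.suggestion))
    return (round(100 * earned / total, 1) if total else 0.0), results

# Constructed sample of collected output, standing in for a remote target.
SAMPLE_OUTPUTS = {"ssh-root-login": "PermitRootLogin yes\n",
                  "pass-max-days": "PASS_MAX_DAYS\t90\n",
                  "empty-passwords": ""}

if __name__ == "__main__":
    print(evaluate(SPEC, SAMPLE_OUTPUTS))
```

Output that could not be collected (unreadable file, timeout, non-zero exit) is scored as a failed item rather than silently passing, which matters for rules such as the empty-password check where compliant output is an empty string.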
CN201210137541XA 2012-05-07 2012-05-07 Automatic Unix system security configuration check method Pending CN103390132A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210137541XA CN103390132A (en) 2012-05-07 2012-05-07 Automatic Unix system security configuration check method

Publications (1)

Publication Number Publication Date
CN103390132A true CN103390132A (en) 2013-11-13

Family

ID=49534401

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210137541XA Pending CN103390132A (en) 2012-05-07 2012-05-07 Automatic Unix system security configuration check method

Country Status (1)

Country Link
CN (1) CN103390132A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103699831A (en) * 2013-12-31 2014-04-02 曙光云计算技术有限公司 System and method for reinforcing mainframe in real time
CN105245392A (en) * 2014-06-27 2016-01-13 北京新媒传信科技有限公司 Method and device for base line checking and repairing
CN104506351A (en) * 2014-12-18 2015-04-08 北京随方信息技术有限公司 Method and system for performing online full-automatic configuration of compliance safety audit
CN104506351B (en) * 2014-12-18 2018-08-14 北京随方信息技术有限公司 On-line Full configuration compliance method for auditing safely and system
CN108600260A (en) * 2018-05-09 2018-09-28 国家计算机网络与信息安全管理中心 A kind of industry Internet of Things security configuration check method
CN110858132A (en) * 2018-11-22 2020-03-03 哈尔滨安天科技集团股份有限公司 Configuration safety detection method and device for printing equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20131113